CVE-2024-37993

Sept. 18, 2024, 3:32 p.m.

CVSS Score

7.5 / 10

Products Impacted

Vendor Product Versions
siemens simatic_rf360r_firmware *
siemens simatic_rf360r -
siemens simatic_rf1170r_firmware *
siemens simatic_rf1170r -
siemens simatic_rf1140r_firmware *
siemens simatic_rf1140r -
siemens simatic_reader_rf685r_fcc_firmware *
siemens simatic_reader_rf685r_fcc -
siemens simatic_reader_rf685r_etsi_firmware *
siemens simatic_reader_rf685r_etsi -
siemens simatic_reader_rf685r_cmiit_firmware *
siemens simatic_reader_rf685r_cmiit -
siemens simatic_reader_rf685r_arib_firmware *
siemens simatic_reader_rf685r_arib -
siemens simatic_reader_rf680r_fcc_firmware *
siemens simatic_reader_rf680r_fcc -
siemens simatic_reader_rf680r_etsi_firmware *
siemens simatic_reader_rf680r_etsi -
siemens simatic_reader_rf680r_cmiit_firmware *
siemens simatic_reader_rf680r_cmiit -
siemens simatic_reader_rf680r_arib_firmware *
siemens simatic_reader_rf680r_arib -
siemens simatic_reader_rf650r_fcc_firmware *
siemens simatic_reader_rf650r_fcc -
siemens simatic_reader_rf650r_etsi_firmware *
siemens simatic_reader_rf650r_etsi -
siemens simatic_reader_rf650r_cmiit_firmware *
siemens simatic_reader_rf650r_cmiit -
siemens simatic_reader_rf650r_arib_firmware *
siemens simatic_reader_rf650r_arib -
siemens simatic_reader_rf615r_fcc_firmware *
siemens simatic_reader_rf615r_fcc -
siemens simatic_reader_rf615r_etsi_firmware *
siemens simatic_reader_rf615r_etsi -
siemens simatic_reader_rf615r_cmiit_firmware *
siemens simatic_reader_rf615r_cmiit -
siemens simatic_reader_rf610r_fcc_firmware *
siemens simatic_reader_rf610r_fcc -
siemens simatic_reader_rf610r_etsi_firmware *
siemens simatic_reader_rf610r_etsi -
siemens simatic_reader_rf610r_cmiit_firmware *
siemens simatic_reader_rf610r_cmiit -
siemens simatic_rf188ci_firmware *
siemens simatic_rf188ci -
siemens simatic_rf188c_firmware *
siemens simatic_rf188c -
siemens simatic_rf186ci_firmware *
siemens simatic_rf186ci -
siemens simatic_rf186c_firmware *
siemens simatic_rf186c -
siemens simatic_rf185c_firmware *
siemens simatic_rf185c -
siemens simatic_rf166c_firmware *
siemens simatic_rf166c -

Description

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticate the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: Sept. 10, 2024, 10:15 a.m.

Last Modified: Sept. 18, 2024, 3:32 p.m.

Status: Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o siemens simatic_rf360r_firmware / / / / / / / /
h siemens simatic_rf360r - / / / / / / /
o siemens simatic_rf1170r_firmware / / / / / / / /
h siemens simatic_rf1170r - / / / / / / /
o siemens simatic_rf1140r_firmware / / / / / / / /
h siemens simatic_rf1140r - / / / / / / /
o siemens simatic_reader_rf685r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf685r_fcc - / / / / / / /
o siemens simatic_reader_rf685r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf685r_etsi - / / / / / / /
o siemens simatic_reader_rf685r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf685r_cmiit - / / / / / / /
o siemens simatic_reader_rf685r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf685r_arib - / / / / / / /
o siemens simatic_reader_rf680r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf680r_fcc - / / / / / / /
o siemens simatic_reader_rf680r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf680r_etsi - / / / / / / /
o siemens simatic_reader_rf680r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf680r_cmiit - / / / / / / /
o siemens simatic_reader_rf680r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf680r_arib - / / / / / / /
o siemens simatic_reader_rf650r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf650r_fcc - / / / / / / /
o siemens simatic_reader_rf650r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf650r_etsi - / / / / / / /
o siemens simatic_reader_rf650r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf650r_cmiit - / / / / / / /
o siemens simatic_reader_rf650r_arib_firmware / / / / / / / /
h siemens simatic_reader_rf650r_arib - / / / / / / /
o siemens simatic_reader_rf615r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf615r_fcc - / / / / / / /
o siemens simatic_reader_rf615r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf615r_etsi - / / / / / / /
o siemens simatic_reader_rf615r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf615r_cmiit - / / / / / / /
o siemens simatic_reader_rf610r_fcc_firmware / / / / / / / /
h siemens simatic_reader_rf610r_fcc - / / / / / / /
o siemens simatic_reader_rf610r_etsi_firmware / / / / / / / /
h siemens simatic_reader_rf610r_etsi - / / / / / / /
o siemens simatic_reader_rf610r_cmiit_firmware / / / / / / / /
h siemens simatic_reader_rf610r_cmiit - / / / / / / /
o siemens simatic_rf188ci_firmware / / / / / / / /
h siemens simatic_rf188ci - / / / / / / /
o siemens simatic_rf188c_firmware / / / / / / / /
h siemens simatic_rf188c - / / / / / / /
o siemens simatic_rf186ci_firmware / / / / / / / /
h siemens simatic_rf186ci - / / / / / / /
o siemens simatic_rf186c_firmware / / / / / / / /
h siemens simatic_rf186c - / / / / / / /
o siemens simatic_rf185c_firmware / / / / / / / /
h siemens simatic_rf185c - / / / / / / /
o siemens simatic_rf166c_firmware / / / / / / / /
h siemens simatic_rf166c - / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Exploitability Score

3.9

Impact Score

3.6

Base Severity

HIGH

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://cert-portal.siemens.com/ productcert@siemens.com